Chronivio: Privacy Policy

How we collect, use, and protect your personal information

Effective Date: 31 August 2025
Last Updated: 31 August 2025

1. Introduction

Knyr Agency ("we," "our," or "us") operates Chronivio, a customer relationship management platform for piercing studios. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Knyr Agency acts as a Data Processor for client data processed on behalf of piercing studios and as a Data Controller for business account information.

2. Information We Collect

2.1 Business Account Information

  • Business name, address, and contact details
  • Owner/staff names and professional credentials
  • Payment and billing information
  • Business license and certification details

2.2 Client Data (Processed on Your Behalf)

  • Personal identification information (name, contact details)
  • Health information and medical history relevant to piercing services
  • Piercing records and aftercare progress
  • Appointment history and preferences
  • Photos of piercings (before/after, healing progress)
  • Consent forms and liability waivers

2.3 Technical Data

  • Usage patterns and feature interactions
  • Log files and system performance data

2.4 Communications

  • Support tickets and correspondence
  • Feedback and survey responses
  • Marketing communication preferences

3. How We Use Information

3.1 Service Provision

  • Facilitate appointment scheduling and client management
  • Send automated aftercare reminders and follow-ups
  • Generate compliance reports and documentation
  • Provide customer support

3.2 Business Operations

  • Improve and develop new features
  • Analyze usage patterns for service optimization
  • Ensure system security and prevent fraud
  • Comply with legal obligations

3.3 Communications

  • Send service-related notifications
  • Provide technical support
  • Share product updates (with consent)

4. Legal Basis for Processing (GDPR)

We process personal data based on:

  • Contract performance - To provide CRM services
  • Legitimate interests - Service improvement and security
  • Legal compliance - Health regulations and business requirements
  • Consent - Marketing communications and optional features

For processing health-related data, we rely on explicit consent obtained by you from your clients.

5. Data Sharing and Disclosure

5.1 We Do Not Sell Personal Data

We never sell, rent, or trade personal information to third parties.

5.2 Service Providers

We may share data with trusted service providers who assist in:

  • Cloud hosting and data storage
  • Payment processing
  • Email delivery services
  • Technical support and maintenance

5.3 Legal Requirements

We may disclose information when required by:

  • Valid legal process or court orders
  • Health department investigations
  • Emergency situations involving imminent harm

5.4 Business Transfers

In the event of a merger, acquisition, or sale, user data may be transferred with proper notice.

6. Data Security

6.1 Technical Safeguards

  • End-to-end encryption for sensitive data
  • Secure data transmission (TLS/SSL)
  • Regular security audits and monitoring
  • Access controls and authentication requirements

6.2 Physical Safeguards

  • Secure data centers with restricted access
  • Environmental controls and backup systems
  • Disaster recovery procedures

6.3 Administrative Safeguards

  • Staff training on data protection
  • Background checks for personnel with data access
  • Incident response procedures

7. Data Retention

7.1 Active Accounts

Data is retained while your account remains active and for legitimate business purposes.

7.2 Account Closure

  • Business data: 90 days after account closure
  • Client health records: As required by local health regulations (typically 7+ years)
  • Financial records: As required by tax authorities

7.3 Legal Holds

Data may be retained longer when required for legal proceedings or regulatory investigations.

8. Your Rights and Choices

8.1 Access and Portability

  • View and export your business data
  • Request copies of information we hold about you

8.2 Correction and Updates

  • Update inaccurate information through your account
  • Request corrections to data we cannot directly modify

8.3 Deletion Rights

  • Delete your account and associated data
  • Request removal of specific information (subject to legal requirements)

8.4 Communication Preferences

  • Opt out of marketing emails
  • Control notification settings
  • Manage consent preferences

8.5 GDPR-Specific Rights

  • Right to Object
  • Right to Restrict Processing
  • Right to Lodge a Complaint with a Supervisory Authority

9. Client Rights (End-User Data)

9.1 Your Clients' Rights

Your clients have rights regarding their personal data, including:

  • Access to their piercing records
  • Correction of inaccurate information
  • Deletion requests (subject to health record retention requirements)

9.2 Your Responsibilities

We provide tools and assistance to help you respond to client data requests. You are responsible for:

  • Obtaining proper consent from clients
  • Responding to client data requests
  • Maintaining compliance with local privacy laws

10. International Data Transfers

Data may be processed in countries other than Georgia. We ensure adequate protection through:

  • Standard contractual clauses
  • Adequacy decisions where available
  • Appropriate safeguards for data protection

Data is primarily stored on servers located in Frankfurt, Germany. If transferred internationally, we apply Standard Contractual Clauses or equivalent safeguards.

11. Cookies and Tracking

11.1 Essential Cookies

Required for basic platform functionality and security.

11.2 Analytics Cookies

Help us understand usage patterns to improve the Service (with consent).

11.3 Cookie Controls

You can manage cookie preferences through your browser settings.

12. Children's Privacy

Chronivio is not intended for use by individuals under 18. We do not knowingly collect personal information from minors.

13. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of external sites.

14. Data Breach Notification

In the event of a data breach:

  • We will notify affected users within 72 hours
  • Regulatory authorities will be notified as required
  • We will provide guidance on protective measures
  • Notifications will be sent via email and in-app alerts

15. Compliance Framework

15.1 Healthcare Standards

  • HIPAA compliance for health information (where applicable)
  • Industry-specific health data protection measures

HIPAA compliance applies where required by applicable law. For non-US users, equivalent protections are provided under GDPR and international standards.

15.2 International Standards

  • GDPR compliance for EU clients
  • Privacy framework alignment with international best practices

16. Updates to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated through:

  • Email notification to account holders
  • Prominent notice in the application
  • 30-day advance notice for significant changes

17. Contact Information

Privacy Questions:

Email: knyr.agency@gmail.com
Address: Georgia, Tbilisi, Otar Oniashvili 4, 24

General Support:

Email: knyr.agency@gmail.com
